Wireless Access

Hi.

 

I have configured my captive portal on controller Aruba 3400 firmware 6.3.1.16, will validate user by freeradius server.

 

My client wants use only SHA 2, is it possible? Could be:

 

Configuration--> Management--> Certificates--> CSR--> Key length = 256 ?

 

Today Key Length =1024.

 

It is correct? Or not have way to do this?

 

Thks

Paulo Mauricio

SHA2 can use 4 kinds of hash functions: SHA224, SHA256, SHA384 and SHA512.

Pick any of those for an SHA2 cert.

Thanks James for your response.

Today my users go to securelogin.arubanetworks.com page and the certificate GeoTrust DV SSL CA SHA1. 

For SHA2 I have to go in configuration-->certificates-->upload a certificate?

 

Regards,

 

Paulo Maurício

 

In the WebUI

1.    Navigate to the Configuration >Management >Certificates > CSR page.

2.    Click Generate New.

3.    Enter the following information:

 

Table 106 CSR Parameters (Continued)

Parameter

Description

Range

key	Length of private/public key.	1024/2048/4096
common_name	Typically, this is the host and domain name, as in aruba-master.yourcompany.com.	—
country	Two-letter ISO country code for the country in which your organization is located.
state_or_province	State, province, region, or territory in which your organization is located.
city	City in which your organization is located.
organization	Name of your organization.
unit	Optional field to distinguish a department or other unit within your organization.
email	Email address referenced in the CSR.

Then create a certificate from the CSR on your chosen Certificate Authority (Public or Internal depending on the deployment).

 

Then once you have the cert, upload it as you mentioned.

 

.. and don't forget to assign the cert to a use: Configuration -> Management -> General

 

 

 

It is recommended to do the CSR / key generation on an external server so you can backup the private key.

James thanks again.

 

Today the configuration-->management-->general is default. After upload new cert I will have 2 options (default and new cert), correct? When change and aply, my APs wull reboot?

 

Regards,

 

Paulo Mauricio

You're correct about changing the cert but your APs will not reboot.

When you change the cert the web server process will restart and you'll be logged out on the web console.

Ok James.

 

When I do it I post here.

 

Thks again.

 

Regards,

 

Paulo Mauricio

I have a quetion about the same concern, 

with RSA key i need to choose from "1024/2048/4096" in order to have a certificate that support SHA-2, getting a bit confused as on CSR there is no Dropdown to specify the this option,
any idea here ?

Key size is not related to the hashing algorithm.

A common configuration would be SHA-256 with a 2048-bit key

hello Cappalli
thanks for your pro-activity
i would like to know if SHA-256 is an option to configure from CA side or from controller
thank you for your help

A public CA is usually not going to give you the option. They will give you a SHA-256 cert.

got you !
so what i need to do is to generate a CSR with 2048 key lenght, and then send it to CA for signature using sha-256
==> result will be a certificate that support thumbprint algorithm of SHA-2

am i right ?

thank you cappalli for contributions

Yes, correct.